{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-7124", "assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6", "state": "PUBLISHED", "assignerShortName": "CERT-PL", "dateReserved": "2024-07-26T06:14:05.930Z", "datePublished": "2024-11-14T15:07:50.313Z", "dateUpdated": "2024-11-14T16:06:24.925Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "DInGO dLIbra", "vendor": "Poznan Supercomputing and Networking Center", "versions": [{"lessThan": "6.3.20", "status": "affected", "version": "6.0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Kacper Rybczy\u0144ski"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(252, 252, 252);\">Improper Neutralization of Input During Web Page Generation vulnerability in DInGO dLibra software&nbsp;in the parameter 'filter' in the endpoint 'indexsearch' allows a Reflected Cross-Site Scripting (XSS). An attacker might trick somebody into using a crafted URL, which will cause a script to be run in user's browser. This issue affects DInGO dLibra software in versions from 6.0 before 6.3.20.</span><br>"}], "value": "Improper Neutralization of Input During Web Page Generation vulnerability in DInGO dLibra software\u00a0in the parameter 'filter' in the endpoint 'indexsearch' allows a Reflected Cross-Site Scripting (XSS). An attacker might trick somebody into using a crafted URL, which will cause a script to be run in user's browser. This issue affects DInGO dLibra software in versions from 6.0 before 6.3.20."}], "impacts": [{"capecId": "CAPEC-591", "descriptions": [{"lang": "en", "value": "CAPEC-591 Reflected XSS"}]}], "metrics": [{"cvssV4_0": {"Automatable": "YES", "Recovery": "AUTOMATIC", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 5.3, "baseSeverity": "MEDIUM", "privilegesRequired": "NONE", "providerUrgency": "GREEN", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/AU:Y/R:A/U:Green", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6", "shortName": "CERT-PL", "dateUpdated": "2024-11-14T15:07:50.313Z"}, "references": [{"tags": ["third-party-advisory"], "url": "https://cert.pl/en/posts/2024/11/CVE-2024-7124/"}, {"tags": ["third-party-advisory"], "url": "https://cert.pl/posts/2024/11/CVE-2024-7124/"}, {"tags": ["product"], "url": "https://dingo.psnc.pl/dlibra/"}], "source": {"discovery": "UNKNOWN"}, "title": "Reflected XSS in DInGO dLibra", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "poznan_supercomputing_and_networking_center", "product": "dingo_dlibra", "cpes": ["cpe:2.3:a:poznan_supercomputing_and_networking_center:dingo_dlibra:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "6.0", "status": "affected", "lessThan": "6.3.20", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-11-14T16:00:09.691686Z", "id": "CVE-2024-7124", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-14T16:06:24.925Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-7124", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-11-14T16:00:09.691686Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:poznan_supercomputing_and_networking_center:dingo_dlibra:*:*:*:*:*:*:*:*"], "vendor": "poznan_supercomputing_and_networking_center", "product": "dingo_dlibra", "versions": [{"status": "affected", "version": "6.0", "lessThan": "6.3.20", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-14T16:06:09.419Z"}}], "cna": {"title": "Reflected XSS in DInGO dLibra", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Kacper Rybczy\u0144ski"}], "impacts": [{"capecId": "CAPEC-591", "descriptions": [{"lang": "en", "value": "CAPEC-591 Reflected XSS"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "AUTOMATIC", "baseScore": 5.3, "Automatable": "YES", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/AU:Y/R:A/U:Green", "providerUrgency": "GREEN", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "LOW", "vulnIntegrityImpact": "LOW", "subAvailabilityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Poznan Supercomputing and Networking Center", "product": "DInGO dLIbra", "versions": [{"status": "affected", "version": "6.0", "lessThan": "6.3.20", "versionType": "custom"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://cert.pl/en/posts/2024/11/CVE-2024-7124/", "tags": ["third-party-advisory"]}, {"url": "https://cert.pl/posts/2024/11/CVE-2024-7124/", "tags": ["third-party-advisory"]}, {"url": "https://dingo.psnc.pl/dlibra/", "tags": ["product"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Improper Neutralization of Input During Web Page Generation vulnerability in DInGO dLibra software\u00a0in the parameter 'filter' in the endpoint 'indexsearch' allows a Reflected Cross-Site Scripting (XSS). An attacker might trick somebody into using a crafted URL, which will cause a script to be run in user's browser. This issue affects DInGO dLibra software in versions from 6.0 before 6.3.20.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(252, 252, 252);\">Improper Neutralization of Input During Web Page Generation vulnerability in DInGO dLibra software&nbsp;in the parameter 'filter' in the endpoint 'indexsearch' allows a Reflected Cross-Site Scripting (XSS). An attacker might trick somebody into using a crafted URL, which will cause a script to be run in user's browser. This issue affects DInGO dLibra software in versions from 6.0 before 6.3.20.</span><br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6", "shortName": "CERT-PL", "dateUpdated": "2024-11-14T15:07:50.313Z"}}}, "cveMetadata": {"cveId": "CVE-2024-7124", "state": "PUBLISHED", "dateUpdated": "2024-11-14T16:06:24.925Z", "dateReserved": "2024-07-26T06:14:05.930Z", "assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6", "datePublished": "2024-11-14T15:07:50.313Z", "assignerShortName": "CERT-PL"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Input During Web Page Generation vulnerability in DInGO dLibra software\u00a0in the parameter 'filter' in the endpoint 'indexsearch' allows a Reflected Cross-Site Scripting (XSS). An attacker might trick somebody into using a crafted URL, which will cause a script to be run in user's browser. This issue affects DInGO dLibra software in versions from 6.0 before 6.3.20."}, {"lang": "es", "value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web en el software DInGO dLibra en el par\u00e1metro 'filter' del endpoint 'indexsearch' permite un ataque de Cross Site Scripting (XSS) reflejado. Un atacante podr\u00eda enga\u00f1ar a alguien para que use una URL manipulada, lo que har\u00e1 que se ejecute un script en el navegador del usuario. Este problema afecta al software DInGO dLibra en las versiones 6.0 anteriores a la 6.3.20."}], "id": "CVE-2024-7124", "lastModified": "2024-11-15T13:58:08.913", "metrics": {"cvssMetricV40": [{"cvssData": {"attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "automatable": "YES", "availabilityRequirements": "NOT_DEFINED", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "GREEN", "recovery": "AUTOMATIC", "safety": "NOT_DEFINED", "subsequentSystemAvailability": "LOW", "subsequentSystemConfidentiality": "LOW", "subsequentSystemIntegrity": "LOW", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:X/RE:X/U:Green", "version": "4.0", "vulnerabilityResponseEffort": "NOT_DEFINED", "vulnerableSystemAvailability": "LOW", "vulnerableSystemConfidentiality": "LOW", "vulnerableSystemIntegrity": "LOW"}, "source": "cvd@cert.pl", "type": "Secondary"}]}, "published": "2024-11-14T15:15:09.177", "references": [{"source": "cvd@cert.pl", "url": "https://cert.pl/en/posts/2024/11/CVE-2024-7124/"}, {"source": "cvd@cert.pl", "url": "https://cert.pl/posts/2024/11/CVE-2024-7124/"}, {"source": "cvd@cert.pl", "url": "https://dingo.psnc.pl/dlibra/"}], "sourceIdentifier": "cvd@cert.pl", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "cvd@cert.pl", "type": "Secondary"}]}

{}

{}